Thursday, October 16, 2014

Protecting Lightstreamer Against POODLE (SSLv3)

Google's researchers recently discovered a new vulnerability affecting the SSL protocol. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, allows an attacker (a man-in-the-middle) to decrypt ciphertext using a padding oracle side-channel attack. Full details are available in this Google paper.

Lightstreamer relies on the underlying Java Virtual Machine (JVM) for the implementation of the SSL and TLS encryption and cipher suites. While waiting for the availability of a JVM upgrade that avoids SSL 3.0 by default, we recommend configuring Lightstreamer Server to prevent the use of SSL 3.0 for all HTTPS and WSS connections.

HOW TO DISABLE SSLv3 IN LIGHTSTREAMER SERVER

NOTE: Disabling SSLv3 in Lightstreamer Server is only possible starting from version 5.1 build 1622 (which was released in December 2012). If you are using an older version of Lightstreamer, we recommend that you upgrade to the latest available version.

Lightstreamer 6.0, due later this year, will disable SSLv3 by default.

To disable SSLv3, edit lightstreamer_conf.xml to configure the allowed protocols for each listening port that enables HTTPS (if any). This corresponds to each <https_server> block and, possibly, to the <rmi_connector> block inside <jmx>, if configured for SSL communication.

By default, the Server allows all protocols available in the Java implementation. But if at least one <allow_protocol> element is present in the block, only the specified protocols will be allowed.

So, just insert the following lines in each block:

    <allow_protocol>SSLv2Hello</allow_protocol>
    <allow_protocol>TLSv1</allow_protocol>
    <allow_protocol>TLSv1.1</allow_protocol>
    <allow_protocol>TLSv1.2</allow_protocol>

These elements apply to common Java 7 and Java 8 virtual machines. For Java 6, it is usually necessary to insert the first two elements only (SSLv2Hello and TLSv1).
SSLv2Hello is only needed to allow some kinds of clients (e.g. Java clients based on Java 6) to perform the initial handshake; then, such clients may be able to switch to one of the TLS protocols.

Note that the <allow_protocol> element is not documented and not shown in the factory configuration file for the current 5.1.x versions. Again, note that it was not available before Server version 5.1 build 1622.

After editing lightstreamer_conf.xml, you must restart Lightstreamer Server.

A summary of the protocols enabled for each port affected by the settings will be logged at startup on the LightstreamerLogger.init logger at INFO level.
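
The edited file can also be checked offline before the restart. The script below is an added example, not part of Lightstreamer: it reports, for every <https_server> block and every <rmi_connector> inside <jmx>, whether <allow_protocol> is missing (all JVM protocols allowed) or still lists SSLv3. The sample configuration is constructed, its root element name is an assumption, and the <rmi_connector> result only matters if that connector is configured for SSL.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real factory file: only element names mentioned
# in the post are used, and the root element name is an assumption.
SAMPLE_CONF = """\
<lightstreamer_conf>
  <https_server>
    <allow_protocol>SSLv2Hello</allow_protocol>
    <allow_protocol>TLSv1</allow_protocol>
    <allow_protocol>TLSv1.1</allow_protocol>
    <allow_protocol>TLSv1.2</allow_protocol>
  </https_server>
  <https_server>
  </https_server>
  <https_server>
    <allow_protocol>SSLv3</allow_protocol>
    <allow_protocol>TLSv1</allow_protocol>
  </https_server>
  <jmx>
    <rmi_connector>
      <allow_protocol>TLSv1</allow_protocol>
    </rmi_connector>
  </jmx>
</lightstreamer_conf>
"""

def audit_protocols(xml_text):
    """Return (block, status, protocols) for each block the post says to edit."""
    root = ET.fromstring(xml_text)
    blocks = [("https_server[%d]" % i, el)
              for i, el in enumerate(root.iter("https_server"), 1)]
    blocks += [("jmx/rmi_connector", el)
               for jmx in root.iter("jmx") for el in jmx.iter("rmi_connector")]
    results = []
    for label, el in blocks:
        protos = [(p.text or "").strip() for p in el.findall("allow_protocol")]
        if not protos:
            status = "UNRESTRICTED"   # no allow_protocol: every JVM protocol allowed
        elif any(p.lower() == "sslv3" for p in protos):
            status = "SSLV3_ALLOWED"  # explicit list that still permits SSL 3.0
        else:
            status = "OK"
        results.append((label, status, protos))
    return results

if __name__ == "__main__":
    for label, status, protos in audit_protocols(SAMPLE_CONF):
        print("%-20s %-14s %s" % (label, status, ", ".join(protos) or "-"))
```

To audit a real installation, pass the contents of lightstreamer_conf.xml to audit_protocols() instead of the sample string.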